Research Of Secure Scan Designs Against Scan-based Side-channel Attacks

Design for testability(DFT) techniques have been widely applied in integrated circuits(ICs) design to facilitate the testing process. Scan design has been regarded as the best discipline for DFT as it provides high controllability and observability for flip-flops and hence enables the combinational automatic test pattern generation(ATPG) to generate test patterns for sequential designs. However, scan design is a double-edge sword as it causes security risk for the secret information in circuit under test(CUT) while providing high testability. Especially, for the crypto chips, scan chain has been used as a side channel to pry on the intermediate encryption result, which can be used to decipher the secret key inside a chip.To resist the scan-based side-channel attacks, various countermeasures have been proposed. Some of them adopted the scheme of obfuscating scan chain order in the secure scan designs to resist scan-based attacks. In this work, the existing scan-based attacks from the angle whether they rely on any specific scan chain order are analyzed. It is proved that all the existing scan-based attacks do not rely on a specific scan chain order. As an example, for the recently proposed random order scan(ROS) countermeasure, this dissertation demonstrates, how an attacker can access the complete state of the scan chain and hence defeat the countermeasure. A conclusion is drawn that a successful scan-based attack does not rely on a certain scan testing order and countermeasures based on obfuscating scan order are not secure any more facing scan-based attacks.Two new secure scan design schemes are proposed in this work to resist scan-based attacks. The first scheme is proposed to introduce extra design to block the cipher key to be involved in encryption. Cipher key is not accessible under testing mode and all the sensitive information in scan chain will be cleared by a reset operation once the chip is switched from normal working mode to testing mode. The second secure design scheme proposed to obfuscate the output responses from scan chain by mixing the intermediate encryption states from scan chain with the current data from combinational circuit. This is implemented by modifying some chosen scan cells to work under the control of an inserted shift register. If the shift register cannot be configured correctly, some scan cells will work under normal mode when testing is exercised. This just results in chaotic testing data output from the scan chain. As the intermediated encryption result cannot be observed normally, scan-based attacks is resisted. These two secure scan designs both introduce acceptably low area overhead while testability is not affected.However, it is noted that the modified scan cells in the proposed scheme based on obfuscating scan output are controlled separately by the inserted shift register. In this work, such weakness is highlighted and a divide and conquer attack scenario is explored to defeat the proposed scheme. To resist the newly proposed attack scenario, an improved secure design method is then proposed. When the shift register cannot be configured correctly, it will cycle the data in it, which can configure the working modes of all modified scan cells randomly and dynamically. This can successfully impede an attack to analyze the position of the modified scan cell one by one.The dissertation reviews existing scan-based side-channel attacks and existing countermeasures. This work explored the weakness of existing secure scan design based on obfuscating scan chain order and then propose two new countermeasures. A new attack scenario is proposed to challenge one proposed secure scan design scheme and an improved secure scan design is proposed to resist the proposed attack. All these schemes just incur low area overhead while maintaining the testability. New work will focus on the secure design of the user key by using the physical unclonable function in the proposed design.